After July 2021, the 2.3.x release line will no longer receive quality fixes, or user guide updates. PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in April 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x and PHP 7.4.x to help maintain PCI compliance.

Security Action Plan

If you suspect that your site is compromised, follow this action plan without delay.

  1. Diagnose

    Run a scan to establish the security status of your Magento store. MageReport.com is a highly regarded service that is available at no charge to members of the Magento community.

  2. Clean

    Hire a qualified consultant or online service to clean your site of all malicious code. Some Magento community members recommend Sucuri Website Malware Removal. Check the /media folder for leftover executable code. Remove all unknown Admin users and reset all Admin passwords.

  3. Protect

    Keep your Magento installation up to date with the most current release. If you are using an older version, apply all security patches as they become available. Review and follow Magento Security Best Practices. Subscribe to Magento Security Alerts.

  4. Report

    If you think that you have found a specific vulnerability in Magento, send a description of the problem with technical details to security@magento.com.

  5. Upgrade

    For the additional peace of mind that comes from 24/7 support, plan your upgrade to Magento Commerce Cloud now.